In the 1970s and 1980s, mathematicians, computer scientists and engineers, having realized that electronic communications required encryption for the sake of privacy, started working on developing tools for providing just that. Academic research is public. At its best, it is open for inspection, perusal, sharing, distribution and modification. That means if research on privacy-enhancing cryptography is made public, then everyone can, besides attempting to improve on it, benefit from it: you and I could use encryption software to make our communication private.
The NSA considered this bad news.
Its stated rationale was that research on cryptography can fall into the “wrong hands.” Equipped with strong encryption, terrorists and other secret agents could plot against the U.S. safe in the knowledge that American secret security forces could not decipher their communications.
Encryption, therefore, was a munition—a weapon—that could be used against the U.S.
But no less significant a problem was that private citizens had a new way to ensure that their communications were kept away from the prying eyes of the NSA. Dissent could be made more secret than was ever possible in the days of the civil rights activists of the 1960s.
|Before the age of social media, the government tried prosecuting scientists for releasing encryption software. Now, because Facebook and weak privacy laws have so corroded the public sphere, the government doesn’t even have to do that anymore to keep its eye on you.|
So when the NSA got wind of academic research on cryptography, its agents approached those working on such research and “suggested” that all such research be vetted by the NSA. Roughly, the NSA’s instructions to encryption researchers were: keep us apprised of what you are doing and run it by us for clearance before you release it to other academics.
It might have been the first time that a powerful covert government agency had suggested that academic research be controlled and monitored in this fashion: the NSA wanted nothing less than a monopoly on cryptography research. Given the NSA’s resistance to encryption reaching the masses, it’s a miracle we have it facilitating e-commerce today.
Pretty soon, though, MIT scientists Ron Rivest, Adi Shamir and Leonard Adelman had developed a system called RSA that solved a long-standing technical problem in cryptography. It made widespread use and commercialization possible. This did not deter the NSA or the FBI, which became more aggressive in attempting to prosecute those who made encryption software public.
For instance, the 1991 release of PGP (Pretty Good Privacy), a data encryption tool by developer Phil Zimmerman, was regarded as the “export” of a deadly weapon. It triggered a criminal investigation and ultimately failed prosecution of Zimmermann. (The full story of how the NSA and the FBI attempted to crack down on cryptography research, and the resistance of pioneers like Whitfield Diffie, Marty Hellman and Phil Zimmerman, is told in Crypto: How the Code Rebels Beat the Government, a book published a dozen years ago but still relevant today.)
The irony of this mostly untold story is that the NSA doesn’t need to worry about private individuals’ ability to encrypt electronic communications. Instead, it can rely on the creation of a public sphere in which expectations of privacy are so low that no one takes privacy seriously.
The NSA is aided and abetted by tools like Facebook and Twitter, which create privacy-invasive spaces, as well as U.S. privacy laws that are hopelessly fragmented (as opposed to European privacy laws, which ensure one benchmark for any form of personal communication). Facebook and other social media tools have ensured a lower social expectation of privacy while weak federal privacy laws mean that Americans are always unsure of what privacy protections they are entitled to and therefore, they are less likely to aggressively demand any.
Privacy has thus been more corroded recently than it has been at any other comparable point in the history of electronic communication, clearing the way for the NSA to conduct the massive eavesdropping and surveillance it has conducted recently.
We should not imagine that because the battle to bring encryption and privacy to the masses was won in the past that all future battles will be.
The story of the NSA and the encryption pioneers reminds us that it is likely to be an ongoing battle, one that will require as much resilience and determination as they showed.